Snooping and Inspecting Traffic 881How Is the DHCP Snooping Bindings Database Populated?The DHCP snooping application uses DHCP messages to build and maintainthe binding’s database. DHCP snooping creates a tentative binding fromDHCP DISCOVER and REQUEST messages. Tentative bindings tie a clientto a port (the port where the DHCP client message was received). Tentativebindings are completed when DHCP snooping learns the client’s IP addressfrom a DHCP ACK message on a trusted port. DHCP snooping removesbindings in response to DECLINE, RELEASE, and NACK messages. TheDHCP snooping application ignores the ACK messages as a reply to theDHCP Inform messages received on trusted ports. You can also enter staticbindings into the binding database.When a switch learns of new bindings or loses bindings, the switchimmediately updates the entries in the database. The switch also updates theentries in the binding file. The frequency at which the file is updated is basedon a configurable delay, and the updates are batched.If the absolute lease time of the snooping database entry expires, that entry isremoved. Make sure the system time is consistent across the reboots.Otherwise, the snooping entries will not expire properly. If a host sends aDHCP release while the switch is rebooting, when the switch receives theDHCP discovery or request, the client’s binding goes to the tentative bindingas shown in Figure 27-1.Figure 27-1. DHCP BindingThe binding database includes data for clients only on untrusted ports.TentativeBindingCompleteBindingNo BindingACKDiscoverDiscoverRequestReleaseNACKDeclineNACK